Thread: Server sending tons of traffic
01-06-2004, 08:36 AM #1 WHT Addict (Join Date: Jan 2001, Posts: 122)
Server sending tons of traffic
Hey everyone,
Yesterday morning when I was accessing sites on my server, it took forever for pages to load. When I pinged my machine, the responses were an average of 1500 ms. Also, when I tried to ping other computers on the same network, there was a similar result. I called my ISP, and they suggested that one of the computers was sending too much traffic. It was my Linux webserver, for when I shut it down, everything went down to 40 ms.
On the server, I noticed that qmail-remote was high in the process list in CPU usage, but 85.5% of the machine was idle. In the logs there are errors saying that it was out of memory, around the same time.
What could cause this? What should I do? I do not have a ton of Linux experience, but my primary concern is security (mainly that my machine isn't used for spam). Is there a way to tell if my machine has been hacked? Thank you very much for your help.
01-06-2004, 09:44 AM #2 Web Hosting Master (Join Date: Nov 2003, Location: on the 'net, Posts: 1,187)
I just heard yesterday of another Linux server sending out 40MB/s DDOS attack. Sounds like the script kiddies have figured out how to put trojans where they can do some real damage.
I would find a good admin and see if your box is compromised. Could be a spam-bot too.
Current Project: See behind the scenes photos from Movie, TV and Music Video shoots, taken by the filmcrews themselves! - CrewPix.com ...we do web hosting too.
01-06-2004, 09:55 AM #3 Web Hosting Master (Join Date: Dec 2001, Posts: 5,221)
Greetings:
If you've not taken regular and ongoing steps to keep your system secure, consider the following.
Security has to be done in layers to be most effective.
For Unix-based systems, this should include the following:
* Disable telnet.
* Limit SSH access to specific IP addresses.
* Disable direct root login.
* Remove unnecessary packages / software.
* Harden the kernel against synflood and basic DOS attacks.
* Remove common user access to compilers and fetching software (wget, fetch, lynx, etc.).
* Ensure /tmp is in its own partition with noexec, nosuid.
* Ensure kernel and software is up to date.
* Remove unnecessary users and groups.
* Install chkrootkit, logwatch, tripwire.
* Install a firewall, and port scan detector.
* For Apache servers, install mod_security and configure for use with FrontPage, PHPMyAdmin, Site Studio, and other H-Sphere applications.
* Secure DNS servers.
* Utilize firewall automation to keep brute force FTP, syn floods, mail bombs, and out-of-network trojan'd servers from impacting our servers.
It is important to note that security is an ongoing venture. Even if you were to take all of the steps listed above, you would still need a regular routine of review, update, research, patch, etc.
Thank you.
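Two items from the checklist above ("Disable direct root login" and "/tmp with noexec, nosuid") can be verified without trusting anything on a possibly compromised box beyond the shell itself. The script below is an added example, not code from the poster; the sample /proc/mounts and sshd_config contents are constructed so it runs offline, and on a live system you would pass "$(cat /proc/mounts)" and "$(cat /etc/ssh/sshd_config)" instead.

```shell
#!/bin/sh
# Offline audit of two hardening items. Functions take file contents as an argument
# so they can be exercised on constructed samples.

# Constructed sample /proc/mounts: /tmp is its own partition but lacks noexec.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid 0 0
proc /proc proc rw 0 0'

# Constructed sample sshd_config: root login still permitted (commented line must be ignored).
SAMPLE_SSHD='Port 22
Protocol 2
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes'

# tmp_mount_check MOUNTS: prints "ok" and returns 0 only when /tmp is a separate
# mount carrying both noexec and nosuid; otherwise prints what is missing and returns 1.
tmp_mount_check() {
  line=$(printf '%s\n' "$1" | awk '$2 == "/tmp" { print; exit }')
  if [ -z "$line" ]; then
    echo "/tmp is not a separate mount"; return 1
  fi
  opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
  missing=""
  for want in noexec nosuid; do
    case ",$opts," in
      *",$want,"*) ;;
      *) missing="$missing $want" ;;
    esac
  done
  if [ -n "$missing" ]; then echo "/tmp missing:$missing"; return 1; fi
  echo ok
}

# ssh_root_login_check CONFIG: the last uncommented PermitRootLogin wins, as in sshd;
# prints "ok" only when it is explicitly "no".
ssh_root_login_check() {
  val=$(printf '%s\n' "$1" | awk 'tolower($1) == "permitrootlogin" { v = $2 } END { print v }')
  case "$val" in
    no|No|NO) echo ok; return 0 ;;
    "") echo "PermitRootLogin not set explicitly"; return 1 ;;
    *) echo "PermitRootLogin is $val"; return 1 ;;
  esac
}

# Demo on the constructed samples; both are expected to report a problem.
tmp_mount_check "$SAMPLE_MOUNTS" || true
ssh_root_login_check "$SAMPLE_SSHD" || true
```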